Lawmakers call for changes to protect people's data, or at least give them more control over it

The U.S. credit reporting system – which keeps data on nearly
every American consumer – may be headed for changes designed to better secure the
trove of personal information or at least give you more control over who sees your
credit file.

In the wake of the Equifax breach, ideas are bubbling up
from Congress, where members of both parties are incensed about the exposure of
145.5 million people’s identifying details. Equifax ex-CEO Richard Smith
appeared before three congressional committees last week, and he got an earful
from each of them.

“You’ve been able to accomplish something no one else could
do – bring Republicans and Democrats together in outrage and frustration,” said
Rep. Anna Eshoo, D-Calif.

The Equifax breach “exposed a major shortcoming in our nation’s cybersecurity laws and Congress must act,” Rep. Patrick McHenry, R-N.C., said in a statement Oct. 12.

McHenry announced a proposal to make the big three credit bureaus stop using Social Security numbers as identifiers by 2020. His PROTECT Act would also standardize credit freezes federally and subject the three largest credit bureaus to federal cybersecurity examinations, according to a bill summary.

As the vice chairman of the House Financial Services Committee and deputy House Republican whip, McHenry is viewed as an important backer for financial services legislation.

The three big credit
bureaus – Equifax, Experian and TransUnion – get more consumer complaints aimed
at them than any other companies in the U.S. Consumer Financial Protection
Bureau’s complaint files. Most of the complaints concern errors in their credit
reports. The companies correct the credit report cited in the
complaints about 20 percent of the time, leaving the rest unchanged, CFPB records show.

Give consumers control
of credit filesSeveral bills introduced would reduce or eliminate the cost
of a credit freeze, giving individuals more control over who can view their
credit report, and when.

Under state law, consumers
may “freeze” their credit file at each credit bureau as an anti-fraud measure.
That blocks identity thieves from opening new accounts with your information.
But there’s usually a fee – $10 is typical – unless you are already a victim of
ID theft. There also can be fees to unfreeze the file when you need credit to give lenders access to your file.

Giving consumers control of their credit is the remedy
that some credit bureaus are embracing. Equifax is offering to waive its freeze
fees temporarily for breach victims. But longer term, Smith repeatedly pledged to give consumers control of their
files. Equifax would accomplish
this via software that allows consumers to lock their file, then unlock it when
they apply for credit, for free. TransUnion is also offering this ability
through its free TrueIdentity online service.

Smith said the
company’s software solution will work faster than state-mandated freezes, which
in some cases can take days to implement when done by mail.

But some industry experts
are skeptical that control offered by a credit bureau will be equal to freeze
rights, which are codified by law.

“The degree it’s
going to help – the devil is in the details,” said Evan Hendricks, former
editor of the newsletter Privacy Times and author of “Credit Scores &
Credit Reports: How The System Really Works; What You Can Do.”

“American consumers don’t need just answers; they need action.”

For example,
company-provided systems are likely to be shielded by legal language that
prevents users from taking the company to court if the lock malfunctions. Such
language, called a mandatory arbitration clause, initially covered Equifax’s
free credit monitoring service TrustedID, offered to people whose identifying
details were exposed in the breach. The company removed the clause after an
outcry that breach victims were being forced to sign away their legal rights.

Another problem is that the industry is not entirely on
board with free credit locking. Experian, the third major bureau, has said it
doesn’t plan to offer a free lock-and-unlock function. Such a move would likely
cut the income of credit bureaus by reducing their opportunities to sell credit
reports.

“There’s hundreds of millions of dollars being made selling
credit reports,” Hendricks said. “The industry is not going to want to change
that.”

Standards for data
securitySchakowsky’s data security bill contains special provisions
for “information brokers,” including credit bureaus. The companies would face
heightened standards for information security and requirements to notify
affected people as soon as possible – but no longer than 30 days after
discovering the breach.

Can regulation prevent data hacks from happening? Skeptics
note that credit bureaus are already covered by data security standards under
the Gramm-Leach-Bliley Act. The 1999 law requires the bureaus to ensure
confidentiality of sensitive information and protect it from unauthorized
access. Moreover, Equifax’s own security procedures should have closed the
software vulnerability that hackers exploited, if the procedures had been
followed.

“There’s hundreds of millions of dollars being made selling credit reports. The industry is not going to want to change that.”

What’s aheadThe FTC is investigating the Equifax data breach, which could shed
more light on the company’s security lapses, the timing of its decision to
notify consumers, and missteps in how it handled the remediation effort.

In a letter
to the agency, Sen. Mark Warner, D-Va., calls for a detailed look at the
company’s practices and also asks whether penalties “to deter unreasonable data
security practices” are adequate. The FTC has authority to enforce the
Gramm-Leach-Bliley provisions at credit bureaus.

With so much personal identifying information already
exposed, however, the job of fighting off identity thieves is primarily in the
hands of individuals, one consumer advocate said.

“People have to come to the realization that nothing can be
100 percent secure,” said Edgar Dworsky, a former assistant attorney general in
Massachusetts and member of the credit bureau Experian’s consumer advisory
panel.

Dworsky, who founded and operates the ConsumerWorld.org site, said he
expects that credit freezes in some form will become free, at least for victims
of a breach.

Taking advantage of the ability to control access to your credit
file should become habitual for consumers, along with other security measures
such as monitoring your accounts, transactions and credit report. “You have to
be constantly alert,” he said. “You shouldn’t wait until your credit card
statement comes a month later to see what’s on there.”

PROPOSALS TO REFORM CREDIT REPORT SYSTEM

Measures introduced in Congress responding to the Equifax data breach:

PROTECT Act.

Institutes federal standards for cybersecurity at credit bureaus and subjects them to on-site examinations.

Creates national framework for credit freezes and reduces costs for active servicemembers, people over 65.

Requires the largest credit bureaus to phase out use of Social Security numbers by 2020.

Introduced by Rep. Patrick McHenry, R-N.C (H.R. 4028).

Freedom from Equifax Exploitation Act.

Extends fraud alerts on credit reports and expands rights to free freezes of their report for consumers.

Improves access to credit freezes and reduces cost to $3, or free for certain seniors and active military service members; bans use of credit information for hiring decisions; enhances consumers rights in appealing disputes; tightens standards for accuracy of reports, among other provisions.

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.

Related Sites

ADVERTISER DISCLOSURE
CreditCards.com is an independent, advertising-supported comparison service. The offers that appear on this site
are from companies from which CreditCards.com receives compensation. This compensation may impact how and where
products appear on this site, including, for example, the order in which they appear within listing categories.
Other factors, such as our proprietary website's rules and the likelihood of applicants' credit approval also
impact how and where products appear on the site. CreditCards.com does not include the entire universe of available
financial or credit offers.

CARDMATCH™ is a free, secure service that will not affect your credit score. Simply provide your basic information, and view offers that match your credit profile within seconds.

Advertiser Disclosure

CreditCards.com is an independent, advertising-supported comparison service. The offers that appear on this site are from companies from which CreditCards.com receives compensation. This compensation may impact how and where products appear on this site, including, for example, the order in which they may appear within listing categories. Other factors, such as our own proprietary website rules and the likelihood of applicants' credit approval also impact how and where products appear on this site. CreditCards.com does not include the entire universe of available financial or credit offers.